/**
 * CURL SSRF Example
 *
 * @author Feei <wufeifei@wufeifei.com>
 * @link   http://wufeifei.com/ssrf
 */
function callback(){  
    /*
     * 此处$callback_url为变量被赋值成字符串
     * 此时我们只需要检测该url参数是否有风险
     * 如果URL参数为file:///etc/passwd等非HTTP/HTTPS协议，则存在风险
     * 如果URL参数为普通HTTP/HTTPS服务，则无风险
     */
    $callback_url = 'http://wufeifei.com/cobra';
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $callback_url);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_exec($ch);
    curl_close($ch);
}